8bfed7275352556f9cfdab018178c3e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8bfed7275352556f9cfdab018178c3e3_JaffaCakes118
Size

3.2MB
MD5

8bfed7275352556f9cfdab018178c3e3
SHA1

99097fc53a707a3fdf6d599404b960bb748a57f3
SHA256

b972757ad98eb0a90ddd6e7ad7937cf649f19967cacb58bf5ffe121dc1af68ab
SHA512

14735dd26569ae97a651cd36fc798b37e57eb22d05d0c5395b55ae58ffb2d58535d8f9f6c74255ba0008fbd034f83f67373051432a22ea1f83516d5d27fce85c
SSDEEP

49152:BwcQbi9ejHVXJgJDktZbEvlsQiva5MVRpooGKAPryDYWxBYvPfT:BsMeUYZbEtsQiwMoWxBYvP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bfed7275352556f9cfdab018178c3e3_JaffaCakes118

Files

8bfed7275352556f9cfdab018178c3e3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e8d6aa288d96a5dd32a1587953e06c46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Develop\DIAS\Dias240\src\DIAS_exe\Release\Win32\CnxDIAS.pdb

Imports

advapi32

OpenServiceA
CloseServiceHandle
DeleteService
RegSetValueExA
EnumDependentServicesA
CreateServiceA
RegCreateKeyExA
RegOpenKeyExA
QueryServiceStatus
RegDeleteValueA
OpenSCManagerA
ControlService
RegCloseKey
RegisterEventSourceA
RegQueryValueExA
DeregisterEventSource
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ReportEventA
RegOpenKeyA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegQueryValueExW
AddAccessAllowedAce
InitializeSid
InitializeAcl
RegFlushKey
GetUserNameA

kernel32

MultiByteToWideChar
lstrlenW
GetProcAddress
LoadLibraryExA
GetComputerNameA
lstrcmpA
lstrcmpiA
Sleep
GetLastError
GetModuleFileNameA
SetErrorMode
SetUnhandledExceptionFilter
GlobalAlloc
GetPrivateProfileIntA
GlobalFree
GetPrivateProfileStringA
OpenMutexA
CreateMutexA
GetCurrentThreadId
GetVersionExA
CloseHandle
GetModuleHandleA
WaitForSingleObject
SetEvent
InitializeCriticalSection
CreateEventA
LeaveCriticalSection
ResetEvent
DeleteCriticalSection
OutputDebugStringA
LocalAlloc
LocalFree
EnterCriticalSection
WriteFile
SetFilePointer
CreateFileA
SetLastError
lstrcpynA
FormatMessageA
GetModuleFileNameW
GetTickCount
GetSystemTime
GetSystemDefaultLCID
LoadLibraryA
IsBadWritePtr
CreateSemaphoreA
ReleaseSemaphore
GetLocalTime
FreeLibrary
FindFirstFileA
SetThreadPriority
GetThreadTimes
GetExitCodeThread
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
lstrcatA
GetSystemDirectoryA
WritePrivateProfileStringA
SetFileAttributesA
GetFileAttributesA
GetPrivateProfileStructA
WritePrivateProfileStructA
LocalReAlloc
FindNextFileA
GlobalUnlock
GlobalLock
TerminateThread
GlobalReAlloc
GlobalHandle
ReleaseMutex
FlushFileBuffers
ResumeThread
CreateProcessA
GetStartupInfoA
GetFileSize
GetCurrentProcessId
GetCommandLineA
GetComputerNameExA
GetACP
HeapSize
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
ExitProcess
GetModuleHandleW
VirtualAlloc
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
HeapReAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetTimeZoneInformation
DeleteFileA
MoveFileA
RaiseException
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
WritePrivateProfileSectionA
GetPrivateProfileSectionA
SearchPathA
lstrcpyA
WideCharToMultiByte
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InterlockedCompareExchange
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenA
FindClose
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
ReadFile
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetFileType

user32

DeleteMenu
GetSystemMenu
GetPropA
SetPropA
RemovePropA
WaitForInputIdle
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
GetWindowLongA
UnregisterClassA
SetWindowsHookExA
UnhookWindowsHookEx
SetWindowLongA
PostThreadMessageA
RegisterWindowMessageA
SendMessageTimeoutA
DestroyWindow
PostQuitMessage
DefWindowProcA
GetMessageA
SetTimer
KillTimer
SendMessageA
TranslateMessage
CreateWindowExA
DispatchMessageA
UpdateWindow
IsIconic
SetForegroundWindow
LoadIconA
wsprintfA
MessageBoxA
ShowWindow
LoadCursorA
RegisterClassA
PostMessageA
FindWindowA
GetClassNameA

gdi32

GetStockObject

winspool.drv

EnumPortsA
EnumPrinterDriversA
ClosePrinter
OpenPrinterA
GetPrinterA
GetPrinterDriverA
EnumJobsA
GetJobA
GetPrinterDataA
EnumPrintersA

comdlg32

GetFileTitleA

ws2_32

getservbyname
getsockname
htonl
ntohl
ntohs
WSAGetLastError
WSAAsyncSelect
getsockopt
gethostbyname
inet_addr
WSACleanup
WSAStartup
socket
closesocket
gethostname
setsockopt
shutdown
connect
sendto
send
recvfrom
recv
listen
accept
bind
ioctlsocket
htons

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

_AuLocalTransGetEntryPoints@12

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8d6aa288d96a5dd32a1587953e06c46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

ws2_32

version

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 359KB - Virtual size: 359KB

.data Size: 139KB - Virtual size: 162KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 359KB - Virtual size: 359KB

.data
Size: 139KB - Virtual size: 162KB

.rsrc
Size: 4KB - Virtual size: 3KB